• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Integrated Authentication WILL NOT work if the CAS is on a server with other roles installed as well

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> Integrated Authentication WILL NOT work if the CAS is on a server with other roles installed as well Page: [1]
Login
Message << Older Topic   Newer Topic >>
Integrated Authentication WILL NOT work if the CAS is o... - 11.Mar.2008 3:32:11 PM   
verypsb

 

Posts: 12
Joined: 13.Jun.2004
From: Netherlands
Status: offline
I'm having difficulty with integrated authentication enabled on the Outlook Web Access on a single server Exchange 2007 setup. It just prompts for username/password, and then fails with an error message 'authentication required' I found this article on the internet.

"The problem I have found, is that Integrated Authentication WILL NOT work if the CAS is on a server where other roles are installed as well (documentation). You will need to have a CAS only server for Integrated Authentication to work when authenticating to OWA. If you are using Integrated Authentication when the CAS is installed on a server in which other roles are installed, itíll prompt you for a password as if you were using Basic Authentication. This integrated authentication limitation is only when you are accessing OWA. Integrated Authentication will still work just fine for CAS-CAS Proxying/Redirection purposes."

This is exactly the issue I have on my Exchange 2007 server. Is the statement above true?

Our Exchange SP1 has been installed on a Windows 2008 Standard server.
Post #: 1
RE: Integrated Authentication WILL NOT work if the CAS ... - 11.Mar.2008 7:53:37 PM   
RB@SCC

 

Posts: 4
Joined: 11.Mar.2008
Status: offline
Yes, this is a true statement. Even with SP1.
 
Either move your CAS Role or move your users to 07 and fast.

(in reply to verypsb)
Post #: 2
RE: Integrated Authentication WILL NOT work if the CAS ... - 12.Mar.2008 1:54:24 AM   
verypsb

 

Posts: 12
Joined: 13.Jun.2004
From: Netherlands
Status: offline
Well, all users are on E2K7. I'ts Exchange 2007 OWA I'm having troubles with. Basic Authentication works, though.

(in reply to RB@SCC)
Post #: 3
SOLVED - 12.Mar.2008 4:27:58 PM   
dmutsaers

 

Posts: 13
Joined: 3.Jan.2007
Status: offline
Method 1: Disable the loopback check

Follow these steps:

1.
Click Start, click Run, type regedit, and then click OK.

2.
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa


3.
Right-click Lsa, point to New, and then click DWORD Value.

4.
Type DisableLoopbackCheck, and then press ENTER.

5.
Right-click DisableLoopbackCheck, and then click Modify.

6.
In the Value data box, type 1, and then click OK.

7.
Quit Registry Editor, and then restart your computer.

(in reply to verypsb)
Post #: 4
RE: SOLVED - 13.Mar.2008 2:27:58 AM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
verypsb, if you can validate the above registry modification works for you on your CAS box, please reply back so I can update my article.  Thanks!

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to dmutsaers)
Post #: 5
RE: SOLVED - 13.Mar.2008 10:16:41 AM   
dmutsaers

 

Posts: 13
Joined: 3.Jan.2007
Status: offline
It looks like I have 2 login names  verypsb=dmutsaers

After applying the suggested registry settings above, I'm experiencing the following behaviour:
IE prompts for username/password, but these are accepted. (Like Basic Authentication, even when Basic Authentication has been disabled, and only Integrated Authentication is enabled)

Without the registry changes:
IE prompts for username/password, like Basic Authentication, but these are NOT accepted.

< Message edited by dmutsaers -- 13.Mar.2008 5:14:48 PM >

(in reply to Elan Shudnow)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> Integrated Authentication WILL NOT work if the CAS is on a server with other roles installed as well Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter